js-confuser 1.5.6 → 1.5.8

package/CHANGELOG.md

@@ -1,3 +1,31 @@
+# `1.5.8`
+Several fixes
+
+- Fixed [#46](https://github.com/MichaelXF/js-confuser/issues/46)
+- - Updated the validation on `lock` options
+
+- Fixed [#68](https://github.com/MichaelXF/js-confuser/issues/68)
+- - Name Recycling fixed to not break certain function declarations
+
+- Fixed [#69](https://github.com/MichaelXF/js-confuser/issues/69), [#70](https://github.com/MichaelXF/js-confuser/issues/70) and [#71](https://github.com/MichaelXF/js-confuser/issues/71)
+- - Import statements to be properly handled
+
+- Slight improvements to String Concealing
+
+# `1.5.7`
+Countermeasures function fixes
+
+This update focuses on fixing Countermeasures bugs
+
+The `countermeasures` is custom callback function to invoke when a lock is triggered.
+
+- Fixed [#66](https://github.com/MichaelXF/js-confuser/issues/66)
+- - RGF to properly handle the countermeasures function
+
+- Added additional code to prevent an infinite loop from occurring
+
+- Slight improvements to RGF
+
 # `1.5.6`
 Website changed and RGF fixes
 

package/dist/options.js

@@ -40,24 +40,24 @@ function validateOptions(options) {
 
   if (options.lock) {
     // Validate browser-lock option
-    if (typeof options.lock.browserLock !== "undefined") {
+    if (options.lock.browserLock && typeof options.lock.browserLock !== "undefined") {
       (0, _assert.ok)(Array.isArray(options.lock.browserLock), "browserLock must be an array");
       (0, _assert.ok)(!options.lock.browserLock.find(browserName => !validBrowsers.has(browserName)), 'Invalid browser name. Allowed: "firefox", "chrome", "iexplorer", "edge", "safari", "opera"');
     } // Validate os-lock option
 
 
-    if (typeof options.lock.osLock !== "undefined") {
+    if (options.lock.osLock && typeof options.lock.osLock !== "undefined") {
       (0, _assert.ok)(Array.isArray(options.lock.osLock), "osLock must be an array");
       (0, _assert.ok)(!options.lock.osLock.find(osName => !validOses.has(osName)), 'Invalid OS name. Allowed: "windows", "linux", "osx", "ios", "android"');
     } // Validate domain-lock option
 
 
-    if (typeof options.lock.domainLock !== "undefined") {
+    if (options.lock.domainLock && typeof options.lock.domainLock !== "undefined") {
       (0, _assert.ok)(Array.isArray(options.lock.domainLock), "domainLock must be an array");
     } // Validate context option
 
 
-    if (typeof options.lock.context !== "undefined") {
+    if (options.lock.context && typeof options.lock.context !== "undefined") {
       (0, _assert.ok)(Array.isArray(options.lock.context), "context must be an array");
     } // Validate start-date option
 

package/dist/transforms/controlFlowFlattening/controlFlowFlattening.js

@@ -31,6 +31,8 @@ var _expressionObfuscation = _interopRequireDefault(require("./expressionObfusca
 
 var _switchCaseObfuscation = _interopRequireDefault(require("./switchCaseObfuscation"));
 
+var _stringConcealing = require("../string/stringConcealing");
+
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 
 function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
@@ -181,6 +183,14 @@ class ControlFlowFlattening extends _transform.default {
       illegalFnNames.forEach(illegal => {
         fnNames.delete(illegal);
       });
+      var importDeclarations = [];
+
+      for (var stmt of body) {
+        if (stmt.type === "ImportDeclaration") {
+          importDeclarations.push(stmt);
+        }
+      }
+
       var fraction = 0.9;
 
       if (body.length > 20) {
@@ -237,7 +247,7 @@ class ControlFlowFlattening extends _transform.default {
             body: [...currentBody]
           });
           (0, _traverse.walk)(currentBody, [], (o, p) => {
-            if (o.type == "Literal" && typeof o.value == "string" && !o.regex && Math.random() / (Object.keys(stringBank).length / 2 + 1) > 0.5) {
+            if (o.type == "Literal" && typeof o.value == "string" && !(0, _stringConcealing.isModuleSource)(o, p) && !o.regex && Math.random() / (Object.keys(stringBank).length / 2 + 1) > 0.5) {
               needsStringBankVar = true;
 
               if (!stringBankByLabels[currentLabel]) {
@@ -260,7 +270,7 @@ class ControlFlowFlattening extends _transform.default {
         };
 
         body.forEach((stmt, i) => {
-          if (functionDeclarations.has(stmt)) {
+          if (functionDeclarations.has(stmt) || stmt.type === "ImportDeclaration") {
             return;
           }
 
@@ -708,6 +718,10 @@ class ControlFlowFlattening extends _transform.default {
       var discriminant = (0, _template.default)("".concat(stateVars.join("+"))).single().expression;
       body.length = 0;
 
+      for (var importDeclaration of importDeclarations) {
+        body.push(importDeclaration);
+      }
+
       if (functionDeclarations.size) {
         functionDeclarations.forEach(x => {
           if (!x.id || illegalFnNames.has(x.id.name)) {

package/dist/transforms/identifier/nameRecycling.js

@@ -87,7 +87,6 @@ class NameRecycling extends _transform.default {
                 return;
               }
 
-              lastReferenceMap.set(o.name, i);
               var comparingContext = info.spec.isDefined ? (0, _insert.getDefiningContext)(o, p) : (0, _insert.getReferencingContexts)(o, p).find(x => (0, _insert.isVarContext)(x));
 
               if (comparingContext !== context) {
@@ -101,7 +100,12 @@ class NameRecycling extends _transform.default {
                 }
 
                 if (info.spec.isDefined) {
-                  if (defined.has(o.name) || (0, _traverse.getBlock)(o, p) !== object) {
+                  // Function Declarations can be used before they're defined, if so, don't change this
+                  if (info.isFunctionDeclaration && lastReferenceMap.has(o.name)) {
+                    illegal.add(o.name);
+                  }
+
+                  if (defined.has(o.name) || (0, _traverse.getBlock)(o, p) !== object || info.isImportSpecifier) {
                     illegal.add(o.name);
                   }
 
@@ -111,6 +115,8 @@ class NameRecycling extends _transform.default {
                   referencedHere.add(o.name);
                 }
               }
+
+              lastReferenceMap.set(o.name, i);
             };
           }
         }); // console.log(i, definedHere);

package/dist/transforms/identifier/renameVariables.js

@@ -165,6 +165,15 @@ class RenameVariables extends _transform.default {
         if (newName && typeof newName === "string") {
           if (o.$renamed) {
             return;
+          } // Strange behavior where the `local` and `imported` objects are the same
+
+
+          if (info.isImportSpecifier) {
+            var importSpecifierIndex = p.findIndex(x => x.type === "ImportSpecifier");
+
+            if (importSpecifierIndex != -1 && p[importSpecifierIndex].imported === (p[importSpecifierIndex - 1] || o) && p[importSpecifierIndex].imported && p[importSpecifierIndex].imported.type === "Identifier") {
+              p[importSpecifierIndex].imported = (0, _insert.clone)(p[importSpecifierIndex - 1] || o);
+            }
           } // console.log(o.name, "->", newName);
 
 

package/dist/transforms/lock/antiDebug.js

@@ -43,7 +43,7 @@ class AntiDebug extends _transform.default {
     var startTimeName = this.getPlaceholder();
     var endTimeName = this.getPlaceholder();
     var isDevName = this.getPlaceholder();
-    var functionDeclaration = (0, _gen.FunctionDeclaration)(fnName, [], [...(0, _template.default)("\n      var ".concat(startTimeName, " = new Date();\n      debugger;\n      var ").concat(endTimeName, " = new Date();\n      var ").concat(isDevName, " = ").concat(endTimeName, "-").concat(startTimeName, " > 1000;\n      ")).compile(), (0, _gen.IfStatement)((0, _gen.Identifier)(isDevName), this.options.lock.countermeasures ? this.lock.getCounterMeasuresCode() : [(0, _gen.WhileStatement)((0, _gen.Identifier)(isDevName), [(0, _gen.ExpressionStatement)((0, _gen.AssignmentExpression)("=", (0, _gen.Identifier)(startTimeName), (0, _gen.Identifier)(endTimeName)))])], null)]);
+    var functionDeclaration = (0, _gen.FunctionDeclaration)(fnName, [], [...(0, _template.default)("\n      var ".concat(startTimeName, " = new Date();\n      debugger;\n      var ").concat(endTimeName, " = new Date();\n      var ").concat(isDevName, " = ").concat(endTimeName, "-").concat(startTimeName, " > 1000;\n      ")).compile(), (0, _gen.IfStatement)((0, _gen.Identifier)(isDevName), this.options.lock.countermeasures ? this.lock.getCounterMeasuresCode(tree.body, [tree]) : [(0, _gen.WhileStatement)((0, _gen.Identifier)(isDevName), [(0, _gen.ExpressionStatement)((0, _gen.AssignmentExpression)("=", (0, _gen.Identifier)(startTimeName), (0, _gen.Identifier)(endTimeName)))])], null)]);
     tree.body.unshift(...DevToolsDetection.compile({
       functionName: fnName
     }));

package/dist/transforms/lock/integrity.js

@@ -148,7 +148,7 @@ class Integrity extends _transform.default {
     }
 
     return () => {
-      object.__hiddenCountermeasures = this.lock.getCounterMeasuresCode();
+      object.__hiddenCountermeasures = this.lock.getCounterMeasuresCode(object, parents);
 
       object.$eval = () => {
         var functionName = this.generateIdentifier();
@@ -178,7 +178,11 @@ class Integrity extends _transform.default {
           ifStatement.alternate = (0, _gen.BlockStatement)(object.__hiddenCountermeasures);
         }
 
-        object.body = (0, _gen.BlockStatement)([functionDeclaration, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(hashName, (0, _gen.CallExpression)((0, _insert.clone)(this.hashFn), [(0, _gen.CallExpression)((0, _insert.clone)(this.stringFn), [(0, _gen.Identifier)(functionName)]), (0, _gen.Literal)(this.seed)]))), ifStatement]);
+        object.body = (0, _gen.BlockStatement)([functionDeclaration, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(hashName, (0, _gen.CallExpression)((0, _insert.clone)(this.hashFn), [(0, _gen.CallExpression)((0, _insert.clone)(this.stringFn), [(0, _gen.Identifier)(functionName)]), (0, _gen.Literal)(this.seed)]))), ifStatement]); // Make sure the countermeasures activation variable is present
+
+        if (this.lock.counterMeasuresActivated) {
+          object.body.body.unshift((0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(this.lock.counterMeasuresActivated)));
+        }
 
         if (object.type == "ArrowFunctionExpression") {
           object.type = "FunctionExpression";

package/dist/transforms/lock/lock.js

@@ -43,6 +43,10 @@ function _defineProperty(obj, key, value) { if (key in obj) { Object.definePrope
  * Applies browser & date locks.
  */
 class Lock extends _transform.default {
+  /**
+   * This is a boolean variable injected into the source code determining wether the countermeasures function has been called.
+   * This is used to prevent infinite loops from happening
+   */
   constructor(o) {
     super(o, _order.ObfuscateOrder.Lock); // Removed feature
     // if (this.options.lock.startDate && this.options.lock.endDate) {
@@ -55,6 +59,8 @@ class Lock extends _transform.default {
 
     _defineProperty(this, "iosDetectFn", void 0);
 
+    _defineProperty(this, "counterMeasuresActivated", void 0);
+
     _defineProperty(this, "made", void 0);
 
     if (this.options.lock.integrity) {
@@ -70,34 +76,29 @@ class Lock extends _transform.default {
 
   apply(tree) {
     if (typeof this.options.lock.countermeasures === "string" && (0, _compare.isValidIdentifier)(this.options.lock.countermeasures)) {
-      var defined = new Set();
       (0, _traverse.default)(tree, (object, parents) => {
-        if (object.type == "Identifier") {
+        if (object.type == "Identifier" && object.name === this.options.lock.countermeasures) {
           var info = (0, _identifiers.getIdentifierInfo)(object, parents);
 
           if (info.spec.isDefined) {
-            defined.add(object.name);
-
-            if (object.name === this.options.lock.countermeasures) {
-              if (this.counterMeasuresNode) {
-                throw new Error("Countermeasures function was already defined, it must have a unique name from the rest of your code");
-              } else {
-                var definingContext = (0, _insert.getVarContext)(parents[0], parents.slice(1));
-
-                if (definingContext != tree) {
-                  throw new Error("Countermeasures function must be defined at the global level");
-                }
+            if (this.counterMeasuresNode) {
+              throw new Error("Countermeasures function was already defined, it must have a unique name from the rest of your code");
+            } else {
+              var definingContext = (0, _insert.getVarContext)(parents[0], parents.slice(1));
 
-                var chain = [object, parents];
+              if (definingContext != tree) {
+                throw new Error("Countermeasures function must be defined at the global level");
+              }
 
-                if (info.isFunctionDeclaration) {
-                  chain = [parents[0], parents.slice(1)];
-                } else if (info.isVariableDeclaration) {
-                  chain = [parents[1], parents.slice(2)];
-                }
+              var chain = [object, parents];
 
-                this.counterMeasuresNode = chain;
+              if (info.isFunctionDeclaration) {
+                chain = [parents[0], parents.slice(1)];
+              } else if (info.isVariableDeclaration) {
+                chain = [parents[1], parents.slice(2)];
               }
+
+              this.counterMeasuresNode = chain;
             }
           }
         }
@@ -111,7 +112,7 @@ class Lock extends _transform.default {
     super.apply(tree);
   }
 
-  getCounterMeasuresCode() {
+  getCounterMeasuresCode(object, parents) {
     var opt = this.options.lock.countermeasures;
 
     if (opt === false) {
@@ -120,8 +121,13 @@ class Lock extends _transform.default {
 
 
     if (typeof opt === "string") {
-      // Since Lock occurs before variable renaming, we are using the pre-obfuscated function name
-      return [(0, _gen.ExpressionStatement)((0, _gen.CallExpression)((0, _template.default)(opt).single().expression, []))];
+      if (!this.counterMeasuresActivated) {
+        this.counterMeasuresActivated = this.getPlaceholder();
+        (0, _insert.prepend)(parents[parents.length - 1] || object, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(this.counterMeasuresActivated)));
+      } // Since Lock occurs before variable renaming, we are using the pre-obfuscated function name
+
+
+      return [(0, _gen.ExpressionStatement)((0, _gen.LogicalExpression)("||", (0, _gen.Identifier)(this.counterMeasuresActivated), (0, _gen.SequenceExpression)([(0, _gen.AssignmentExpression)("=", (0, _gen.Identifier)(this.counterMeasuresActivated), (0, _gen.Literal)(true)), (0, _gen.CallExpression)((0, _template.default)(opt).single().expression, [])])))];
     }
 
     var type = (0, _random.choice)(["crash", "exit"]);
@@ -239,7 +245,7 @@ class Lock extends _transform.default {
           // A very simple mechanism inspired from https://github.com/javascript-obfuscator/javascript-obfuscator/blob/master/src/custom-code-helpers/self-defending/templates/SelfDefendingNoEvalTemplate.ts
           // regExp checks for a newline, formatters add these
           var callExpression = (0, _template.default)("\n            (\n              function(){\n                // Breaks JSNice.org, beautifier.io\n                var namedFunction = function(){\n                  const test = function(){\n                    const regExp=new RegExp('\\n');\n                    return regExp['test'](namedFunction)\n                  };\n                  return test()\n                }\n\n                return namedFunction();\n              }\n            )()\n            ").single().expression;
-          nodes.push((0, _gen.IfStatement)(callExpression, this.getCounterMeasuresCode() || [], null));
+          nodes.push((0, _gen.IfStatement)(callExpression, this.getCounterMeasuresCode(object, parents) || [], null));
           break;
 
         case "nativeFunction":
@@ -270,23 +276,24 @@ class Lock extends _transform.default {
               test = (0, _template.default)("".concat(fn, ".toString().split(\"{ [native code] }\").length <= 1")).single().expression;
             }
 
-            nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+            nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode(object, parents) || [], null));
           }
 
           break;
 
         case "startDate":
           test = (0, _gen.BinaryExpression)("<", dateNow, (0, _gen.Literal)(this.getTime(this.options.lock.startDate)));
-          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode(object, parents) || [], null));
           break;
 
         case "endDate":
           test = (0, _gen.BinaryExpression)(">", dateNow, (0, _gen.Literal)(this.getTime(this.options.lock.endDate)));
-          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode(object, parents) || [], null));
           break;
 
         case "context":
-          var prop = (0, _random.choice)(this.options.lock.context); // Todo: Alternative to `this`
+          var prop = (0, _random.choice)(this.options.lock.context);
+          var code = this.getCounterMeasuresCode(object, parents) || []; // Todo: Alternative to `this`
 
           if (!this.globalVar) {
             offset = 1;
@@ -295,12 +302,13 @@ class Lock extends _transform.default {
           }
 
           test = (0, _gen.UnaryExpression)("!", (0, _gen.MemberExpression)((0, _gen.Identifier)(this.globalVar), (0, _gen.Literal)(prop), true));
-          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+          nodes.push((0, _gen.IfStatement)(test, code, null));
           break;
 
         case "osLock":
           var navigatorUserAgent = (0, _template.default)("window.navigator.userAgent.toLowerCase()").single().expression;
           (0, _assert.ok)(this.options.lock.osLock);
+          var code = this.getCounterMeasuresCode(object, parents) || [];
           this.options.lock.osLock.forEach(osName => {
             var agentMatcher = {
               windows: "Win",
@@ -338,7 +346,7 @@ class Lock extends _transform.default {
           });
           test = (0, _gen.UnaryExpression)("!", { ...test
           });
-          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+          nodes.push((0, _gen.IfStatement)(test, code, null));
           break;
 
         case "browserLock":
@@ -360,7 +368,7 @@ class Lock extends _transform.default {
           });
           test = (0, _gen.UnaryExpression)("!", { ...test
           });
-          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode(object, parents) || [], null));
           break;
 
         case "domainLock":
@@ -392,7 +400,7 @@ class Lock extends _transform.default {
               test = (0, _gen.LogicalExpression)("||", (0, _gen.BinaryExpression)("==", (0, _gen.UnaryExpression)("typeof", (0, _gen.Identifier)("location")), (0, _gen.Literal)("undefined")), test);
             }
 
-            nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+            nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode(object, parents) || [], null));
           }
 
           break;

package/dist/transforms/preparation/preparation.js

@@ -17,8 +17,6 @@ var _identifiers = require("../../util/identifiers");
 
 var _label = _interopRequireDefault(require("../label"));
 
-var _antiDestructuring = _interopRequireDefault(require("../es5/antiDestructuring"));
-
 var _compare = require("../../util/compare");
 
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
@@ -179,11 +177,6 @@ class Preparation extends _transform.default {
     this.before.push(new _label.default(o));
     this.before.push(new ExplicitIdentifiers(o));
     this.before.push(new ExplicitDeclarations(o));
-
-    if (this.options.es5) {
-      this.before.push(new _antiDestructuring.default(o));
-    } // this.before.push(new NameConflicts(o));
-
   }
 
   match() {

package/dist/transforms/rgf.js

@@ -75,6 +75,8 @@ class RGF extends _transform.default {
       var definingNodes = new Map();
       (0, _traverse.walk)(contextObject, contextParents, (object, parents) => {
         if (object !== contextObject && (0, _insert.isFunction)(object) && !object.$requiresEval && !object.async && !object.generator && (0, _insert.getVarContext)(parents[0], parents.slice(1)) === contextObject) {
+          var _this$options$lock;
+
           // Discard getter/setter methods
           if (parents[0].type === "Property" && parents[0].value === object) {
             if (parents[0].method || parents[0].kind === "get" || parents[0].kind === "set") {
@@ -85,12 +87,36 @@ class RGF extends _transform.default {
 
           if (parents[0].type === "MethodDefinition" && parents[0].value === object) {
             return;
+          } // Avoid applying to the countermeasures function
+
+
+          if (typeof ((_this$options$lock = this.options.lock) === null || _this$options$lock === void 0 ? void 0 : _this$options$lock.countermeasures) === "string") {
+            // function countermeasures(){...}
+            if (object.type === "FunctionDeclaration" && object.id.type === "Identifier" && object.id.name === this.options.lock.countermeasures) {
+              return;
+            } // var countermeasures = function(){...}
+
+
+            if (parents[0].type === "VariableDeclarator" && parents[0].init === object && parents[0].id.type === "Identifier" && parents[0].id.name === this.options.lock.countermeasures) {
+              return;
+            }
           }
 
           var defined = new Set(),
               referenced = new Set();
           var isBound = false;
-          (0, _traverse.walk)(object.body, [object, ...parents], (o, p) => {
+          /**
+           * The fnTraverses serves two important purposes
+           *
+           * - Identify all the variables referenced and defined here
+           * - Identify is the 'this' keyword is used anywhere
+           *
+           * @param o
+           * @param p
+           * @returns
+           */
+
+          const fnTraverser = (o, p) => {
             if (o.type == "Identifier" && !_constants.reservedIdentifiers.has(o.name) && !this.options.globalVariables.has(o.name)) {
               var info = (0, _identifiers.getIdentifierInfo)(o, p);
 
@@ -98,7 +124,7 @@ class RGF extends _transform.default {
                 return;
               }
 
-              if (info.spec.isDefined) {
+              if (info.spec.isDefined && (0, _insert.getDefiningContext)(o, p) === object) {
                 defined.add(o.name);
               } else {
                 referenced.add(o.name);
@@ -108,7 +134,10 @@ class RGF extends _transform.default {
             if (o.type == "ThisExpression" || o.type == "Super") {
               isBound = true;
             }
-          });
+          };
+
+          (0, _traverse.walk)(object.params, [object, ...parents], fnTraverser);
+          (0, _traverse.walk)(object.body, [object, ...parents], fnTraverser);
 
           if (!isBound) {
             var _object$id;

package/dist/transforms/string/stringConcealing.js

@@ -70,17 +70,20 @@ class StringConcealing extends _transform.default {
 
     _defineProperty(this, "encoding", Object.create(null));
 
+    _defineProperty(this, "gen", void 0);
+
     _defineProperty(this, "hasAllEncodings", void 0);
 
     this.set = new Set();
     this.index = Object.create(null);
     this.arrayExpression = (0, _gen.ArrayExpression)([]);
-    this.hasAllEncodings = false; // Pad array with useless strings
+    this.hasAllEncodings = false;
+    this.gen = this.getGenerator(); // Pad array with useless strings
 
-    var dead = (0, _random.getRandomInteger)(4, 10);
+    var dead = (0, _random.getRandomInteger)(5, 15);
 
     for (var i = 0; i < dead; i++) {
-      var str = (0, _random.getRandomString)((0, _random.getRandomInteger)(4, 20));
+      var str = (0, _random.getRandomString)((0, _random.getRandomInteger)(5, 40));
       var fn = this.transform((0, _gen.Literal)(str), []);
 
       if (fn) {
@@ -104,7 +107,7 @@ class StringConcealing extends _transform.default {
       (0, _insert.append)(tree, (0, _template.default)("\n            \n            function ".concat(getterFn, "(x, y, z, a = ").concat(decodeFn, ", b = ").concat(cacheName, "){\n              if ( z ) {\n                return y[").concat(cacheName, "[z]] = ").concat(getterFn, "(x, y);\n              } else if ( y ) {\n                [b, y] = [a(b), x || z]\n              }\n            \n              return y ? x[b[y]] : ").concat(cacheName, "[x] || (z=(b[x], a), ").concat(cacheName, "[x] = z(").concat(this.arrayName, "[x]))\n            }\n  \n            ")).single());
     });
     var flowIntegrity = this.getPlaceholder();
-    (0, _insert.prepend)(tree, (0, _gen.VariableDeclaration)([(0, _gen.VariableDeclarator)(cacheName, (0, _gen.ArrayExpression)([])), (0, _gen.VariableDeclarator)(flowIntegrity, (0, _gen.Literal)(0)), (0, _gen.VariableDeclarator)(this.arrayName, (0, _gen.CallExpression)((0, _gen.FunctionExpression)([], [(0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)("a", this.arrayExpression)), (0, _template.default)("return (".concat(flowIntegrity, " ? a.pop() : ").concat(flowIntegrity, "++, a)")).single()]), []))]));
+    (0, _insert.prepend)(tree, (0, _gen.VariableDeclaration)([(0, _gen.VariableDeclarator)(cacheName, (0, _gen.ArrayExpression)([])), (0, _gen.VariableDeclarator)(flowIntegrity, (0, _gen.Literal)(0)), (0, _gen.VariableDeclarator)(this.arrayName, (0, _gen.CallExpression)((0, _gen.FunctionExpression)([], [(0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)("a", this.arrayExpression)), (0, _template.default)("return (".concat(flowIntegrity, " ? a[\"pop\"]() : ").concat(flowIntegrity, "++, a)")).single()]), []))]));
   }
 
   match(object, parents) {
@@ -117,7 +120,7 @@ class StringConcealing extends _transform.default {
   transform(object, parents) {
     return () => {
       // Empty strings are discarded
-      if (!object.value || this.ignore.has(object.value)) {
+      if (!object.value || this.ignore.has(object.value) || object.value.length == 0) {
         return;
       }
 
@@ -143,53 +146,87 @@ class StringConcealing extends _transform.default {
 
       if (encoder.decode(encoded) != object.value) {
         this.ignore.add(object.value);
-        this.warn(object.value.slice(0, 100));
+        this.warn(type, object.value.slice(0, 100));
         return;
-      } // Fix 1. weird undefined error
+      }
+
+      var index = -1;
 
+      if (!this.set.has(object.value)) {
+        this.arrayExpression.elements.push((0, _gen.Literal)(encoded));
+        index = this.arrayExpression.elements.length - 1;
+        this.index[object.value] = [index, fnName];
+        this.set.add(object.value);
+      } else {
+        [index, fnName] = this.index[object.value];
+        (0, _assert.ok)(typeof index === "number");
+      }
 
-      if (object.value && object.value.length > 0) {
-        var index = -1;
+      (0, _assert.ok)(index != -1, "index == -1");
+      var callExpr = (0, _gen.CallExpression)((0, _gen.Identifier)(fnName), [(0, _gen.Literal)(index)]); // use `.apply` to fool automated de-obfuscators
 
-        if (!this.set.has(object.value)) {
-          this.arrayExpression.elements.push((0, _gen.Literal)(encoded));
-          index = this.arrayExpression.elements.length - 1;
-          this.index[object.value] = [index, fnName];
-          this.set.add(object.value);
-        } else {
-          [index, fnName] = this.index[object.value];
-          (0, _assert.ok)(typeof index === "number");
-        }
+      if (Math.random() > 0.5) {
+        callExpr = (0, _gen.CallExpression)((0, _gen.MemberExpression)((0, _gen.Identifier)(fnName), (0, _gen.Identifier)("apply"), false), [(0, _gen.ThisExpression)(), (0, _gen.ArrayExpression)([(0, _gen.Literal)(index)])]);
+      } // use `.call`
+      else if (Math.random() > 0.5) {
+        callExpr = (0, _gen.CallExpression)((0, _gen.MemberExpression)((0, _gen.Identifier)(fnName), (0, _gen.Identifier)("call"), false), [(0, _gen.ThisExpression)(), (0, _gen.Literal)(index)]);
+      }
 
-        (0, _assert.ok)(index != -1, "index == -1");
-        var callExpr = (0, _gen.CallExpression)((0, _gen.Identifier)(fnName), [(0, _gen.Literal)(index)]); // use `.apply` to fool automated de-obfuscators
+      var referenceType = "call";
 
-        if (Math.random() > 0.5) {
-          callExpr = (0, _gen.CallExpression)((0, _gen.MemberExpression)((0, _gen.Identifier)(fnName), (0, _gen.Identifier)("apply"), false), [(0, _gen.ThisExpression)(), (0, _gen.ArrayExpression)([(0, _gen.Literal)(index)])]);
-        } // use `.call`
-        else if (Math.random() > 0.5) {
-          callExpr = (0, _gen.CallExpression)((0, _gen.MemberExpression)((0, _gen.Identifier)(fnName), (0, _gen.Identifier)("call"), false), [(0, _gen.ThisExpression)(), (0, _gen.Literal)(index)]);
-        }
+      if (parents.length && Math.random() < 0.5 / this.variablesMade) {
+        referenceType = "constantReference";
+      }
 
-        var constantReference = parents.length && Math.random() > 0.5 / this.variablesMade;
+      var newExpr = callExpr;
 
-        if (constantReference) {
-          // Define the string earlier, reference the name here
-          var name = this.getPlaceholder();
-          var place = (0, _random.choice)(parents.filter(node => (0, _traverse.isBlock)(node)));
+      if (referenceType === "constantReference") {
+        // Define the string earlier, reference the name here
+        this.variablesMade++;
+        var constantReferenceType = (0, _random.choice)(["variable", "array", "object"]);
+        var place = (0, _random.choice)(parents.filter(node => (0, _traverse.isBlock)(node)));
 
-          if (!place) {
-            this.error(Error("No lexical block to insert code"));
-          }
+        if (!place) {
+          this.error(new Error("No lexical block to insert code"));
+        }
 
-          place.body.unshift((0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(name, callExpr)));
-          this.replaceIdentifierOrLiteral(object, (0, _gen.Identifier)(name), parents);
-          this.variablesMade++;
-        } else {
-          // Direct call to the getter function
-          this.replaceIdentifierOrLiteral(object, callExpr, parents);
+        switch (constantReferenceType) {
+          case "variable":
+            var name = this.getPlaceholder();
+            (0, _insert.prepend)(place, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(name, callExpr)));
+            newExpr = (0, _gen.Identifier)(name);
+            break;
+
+          case "array":
+            if (!place.$stringConcealingArray) {
+              place.$stringConcealingArray = (0, _gen.ArrayExpression)([]);
+              place.$stringConcealingArrayName = this.getPlaceholder();
+              (0, _insert.prepend)(place, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(place.$stringConcealingArrayName, place.$stringConcealingArray)));
+            }
+
+            var arrayIndex = place.$stringConcealingArray.elements.length;
+            place.$stringConcealingArray.elements.push(callExpr);
+            var memberExpression = (0, _gen.MemberExpression)((0, _gen.Identifier)(place.$stringConcealingArrayName), (0, _gen.Literal)(arrayIndex), true);
+            newExpr = memberExpression;
+            break;
+
+          case "object":
+            if (!place.$stringConcealingObject) {
+              place.$stringConcealingObject = (0, _gen.ObjectExpression)([]);
+              place.$stringConcealingObjectName = this.getPlaceholder();
+              (0, _insert.prepend)(place, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(place.$stringConcealingObjectName, place.$stringConcealingObject)));
+            }
+
+            var propName = this.gen.generate();
+            var property = (0, _gen.Property)((0, _gen.Literal)(propName), callExpr, true);
+            place.$stringConcealingObject.properties.push(property);
+            var memberExpression = (0, _gen.MemberExpression)((0, _gen.Identifier)(place.$stringConcealingObjectName), (0, _gen.Literal)(propName), true);
+            newExpr = memberExpression;
+            break;
         }
       }
+
+      this.replaceIdentifierOrLiteral(object, newExpr, parents);
     };
   }
 

package/dist/transforms/transform.js

@@ -378,7 +378,7 @@ class Transform {
     }
   }
   /**
-   * Verbose logging for warning/importing messages.
+   * Verbose logging for warning/important messages.
    * @param messages
    */